CyberWar, CyberTerror, CyberCrime

CyberWar, CyberTerror, CyberCrime: A Guide to the Role of Standards in an Environment of Change and Danger

JULIE E. MEHAN
Copyright Date: 2008
Published by: IT Governance Publishing
Pages: 284
https://www.jstor.org/stable/j.ctt5hh594
  • Cite this Item
  • Book Info
    CyberWar, CyberTerror, CyberCrime
    Book Description:

    CyberWar, CyberTerror, CyberCrime introduces readers to the practical use of standards and best practices to address significant security problems, such as those presented by cyberwar, cyberterror, and cybercrime. It also identifies a body of knowledge essential to acquire, develop, and sustain a secure information environment. This book provides a new context for addressing some of the broader challenges of security. It encourages security professionals to look at the dangerous environment in which information systems exist, and to view the world of international standards and best practices as a resource for creating a culture of security within their own organizations.

    eISBN: 978-1-905356-48-5
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. i-iv)
  2. PREFACE
    (pp. v-viii)
    Julie E. Mehan
  3. ABOUT THE AUTHOR
    (pp. ix-x)
  4. Table of Contents
    (pp. xi-xii)
  5. INTRODUCTION
    (pp. 1-4)

    For persons with knowledge of security engineering, but not standards and best practices, this book introduces them to the discipline of international standards and best practices and points to references for further knowledge. It supplies the background needed to meaningfully recognize the topic that a reference might cover and highlights the references which might be of interest.

    This book cannot, of course, enumerate the knowledge needed in all possible fields in which secure information systems are essential.

    The period of human history in which we are living is often called the information era. An era in which the whole world...

  6. CHAPTER 1: WHAT TECHNOLOGY GIVETH IT TAKETH AWAY
    (pp. 5-18)

    Despite Postman’s dire prediction, society has profited immensely from the development, implementation, and operation of new information technologies. Our lives have been enriched by the increased prosperity, expanded opportunity, and greater variety that advances in information technology provide.

    The information age is a product of information technology. This is not, however, its distinguishing feature. Despite what many may believe, technology in some form has always been a part of humanity, even in the most primitive of societies. The factor that distinguishes the period of information revolution following the invention of the printing press, and the same factor that distinguishes our...

  7. CHAPTER 2: CYBERATTACK: IT’S A DANGEROUS WORLD FOR INFORMATION SYSTEMS
    (pp. 19-48)

    In 1981, science fiction author Frederick Pohl published a novel entitledThe Cool War. It describes a future world in which war has been forbidden after the destruction of the oil supply in the Middle East. Despite this ban, however, nations continue to battle at lower levels of conflict. Workers are intentionally infected with virulent strains of flu, power supplies are sabotaged leading to regular power failures, and water supplies are drained. While these actions could not be considered warfare, they quickly become draining nuisances with devastating impacts on each nation’s quality of life. Many security professionals claim that, much...

  8. CHAPTER 3: THE HUMAN FACTOR: THE UNDERRATED THREAT
    (pp. 49-66)

    Vast selections of security tools are available; firewalls, intrusion detection systems, anti-virus solutions, and many more. Each tool is designed to perform a specific function, the use of which provides one layer of protection for an information system. However, even the very best tools using the most advanced technology and the most secure algorithms cannot guarantee 100% system security. So, what is the weakest link in the security chain? The answer: people.

    People are involved in the development and implementation of security tools; they use the information infrastructure, and develop and field applications to manage their tasks. But people make...

  9. CHAPTER 4: TRANSITION FROM AN ENVIRONMENT OF ‘FUD’ TO A STANDARDS-BASED ENVIRONMENT
    (pp. 67-70)

    Thus far, this text has centred on establishing a picture of a cyber threat environment with elements of cyberwar, cyberterror, and cybercrime. Clearly, cybersecurity is emerging as an increasingly critical counter to this boundaryless threat for each nation or organization around the globe. At the same time, creating a successful cyberdefence has become increasingly more complex. Cybersecurity based solely on exclusion or isolation is no longer possible in a world where demand for services and access to information services is ever increasing. Organizations must practice cybersecurity by inclusion, allowing customers, citizens, employees, and business partners the levels of access and...

  10. CHAPTER 5: ESTABLISHING A CULTURE OF CYBERSECURITY
    (pp. 71-82)

    When thinking about the term organizational culture, what is the first thing that pops into your mind? Most will respond with something like: ‘It’s how we do things around here.’ That may be true, but it only begins to address the implications of culture.

    Whether or not culture can be clearly defined, it is obvious that it exists and impacts how things get done; it critically affects organizational success or failure, determines who fits in and who doesn’t, and expresses the overall mood of the organization. An organization’s, or nation’s, culture will affect how it thinks about cybersecurity – and...

  11. CHAPTER 6: INCREASING INTERNATIONALISM: GOVERNANCE, LAWS, AND ETHICS
    (pp. 83-94)

    We have all been witness to the rise of trans-nationalism in the commercial world and an increase in the free circulation of goods, people, and ideas regardless of national borders. The world of information systems presents the same evolution. Services, networks, information infrastructures, hardware architectures, and application development are occurring in recognition of a world of increasingly nomadic users, mobile components, modular computer software and hardware, outsourced applications, and fluidly exchangeable information. Large digital infrastructures are being deployed as a result of the success of the Internet. An internationally interdependent and interconnected Web provides ubiquitous access and communication.

    This growing...

  12. CHAPTER 7: STANDARDS: WHAT ARE THEY AND WHY SHOULD WE CARE?
    (pp. 95-108)

    The International Organization for Standardization (ISO) defines standards as:

    Documented agreements containing technical specification or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose.

    ISO (2002b)

    With the realization that we face an uncertain security environment, it follows that our security structures must re-evaluate their strategies, organization, and processes. In order to be effective, the major security issues that need to be resolved are trust and interoperability. And trust is a complicated issue. First, there is no single acceptable definition of trust....

  13. CHAPTER 8: FROM CYBERWAR TO CYBERDEFENCE: APPLYING STANDARDS IN AN ENVIRONMENT OF CHANGE AND DANGER
    (pp. 109-240)

    In security parlance, there are essentially two approaches – reactive and proactive. In the reactive approach, those responsible for cybersecurity add security countermeasures on an as-needed basis, typically in response to a given cybersecurity event or incident. This has been the traditional paradigm for protecting our information infrastructures.

    The proactive approach is one where administrators conduct risk analyses, identify the appropriate cybersecurity controls and processes, and apply these enterprise-wide.

    Effective application of cybersecurity standards and the principles of cybersecurity management require organizations to establish mechanisms to prevent, deter, detect, and recover from attacks.

    The chapters on cyberwar, cyberterror, and cybercrime...

  14. CHAPTER 9: CONCLUSION: WHERE DO WE GO FROM HERE?
    (pp. 241-244)

    If you were looking for a comprehensive manual on how to create an enterprise cybersecurity programme, you were likely disappointed in this text.

    There are many other extremely well written publications that address cybersecurity programme specifics. Rather, the intent here was to provide a roadmap for thinking about cybersecurity and the establishment of a successful cybersecurity programme through the prism of national and international standards, regulations, guidelines, and best practices and view these as a means to navigate the treacherous waters of an unpredictable cybersecurity environment.

    As part of the conclusion, it might be useful to review a cybersecurity roadmap...

  15. APPENDIX 1: GAP ANALYSIS AREAS OF INTEREST
    (pp. 245-248)
  16. APPENDIX 2: STANDARDS CROSSWALK
    (pp. 249-252)
  17. DEFINITIONS
    (pp. 253-254)
  18. ACRONYMS
    (pp. 255-256)
  19. INDEX
    (pp. 257-268)
  20. ITG RESOURCES
    (pp. 269-271)